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REMARKS/ARGUMENTS 

This Amendment is in response to the Office Action mailed November 16, 2009. 
Claims 1-16 were pending in the present application. This Amendment amends claims 1 and 4- 
14, cancels claim 2 without prejudice, and adds new claims 17 and 18, leaving pending in the 
application claims 1 and 3-18. Applicants submit that no new matter has been introduced by 
virtue of these amendments. Reconsideration of the rejected claims is respectfully requested. 

Examiner Interview 

Applicants would like to thank Examiner Virginia Ho and Supervisory Examiner 
Gilberto Barron for the telephonic interview regarding this application conducted with 
Applicants' representative, Andrew Lee, on February 16, 2010. Independent claims 1 and 12 
were discussed in light of the cited art. In particular, distinctions between the claims and the 
cited art, as well as possible clarifying amendments, were discussed. 

Although no agreement was reached, Examiner Ho indicated that she would study 
the presented arguments and amendments in greater detail upon receipt of a formal response. The 
foregoing amendments and following remarks reflect the substance of the discussion. 

Objections to the Specification 

The Specification is objected to because of informalities. The Specification has 
been amended accordingly. No new matter is added. 

35 U.S.C. $ 112 Rejection of Claims 12 and 13 

Claims 12 and 13 are rejected under 35 U.S.C. §1 12, first paragraph, as failing to 
comply with the written description requirement. In particular the Office Action asserts "the 
claims contains [sic] subject matter which was not described in the specification in such a way as 
to reasonably convey to one skilled in the relevant art that the inventors, at the time the 
application was filed, has possession of the claimed invention." (Office Action: pg. 3). 
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Applicants respectfully disagree. For example, support for the features of claims 
12 and 13 can be found in the Specification at, for example, FIG. 3 and page 9, line 30 to page 
10, line 15. Accordingly, Applicants respectfully request that this Section 1 12 rejection be 
withdrawn. 

35 U.S.C. $ 112 Rejection of Claims 2, 3, 8, and 10 

Claims 2, 3, 8, and 10 are rejected under 35 U.S.C. §112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter which 
Applicants regard as the invention. In particular, the Office Action asserts: 

Dependent claims 2-4 and 8 recite "a data packet" and "the data packet" while 
independent claim 1 recites "management data packets." Dependent claim 1 0 recites "a data 
packet" and "the data packet" while independent claim 9 recites "management data packets." It is 
unclear whether the dependent claims are referring to the same packets as those "management data 
packets" recited in the respective independent claims. 
(Office Action: pg. 4). 
Claims 1 and 9 have been amended to remove the term "management data 
packets." Accordingly, Applicants respectfully submit that this Section 1 12 rejection is 
overcome. 

35 U.S.C. § 112 Rejection of Claims 12 and 14 

Claims 12 and 14 are rejected under 35 U.S.C. §1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. In particular, the Office Action notes: 

Claim 12 recites "determine if the data packet originated from a management 
virtual local area network" and subsequently "if the destination IP address did not originate 
from the management VLAN." Claim 14 recites "if the destination IP address did originate 
from the management VLAN." 

(Office Action: pg. 5; emphasis in original). 
Claims 12 and 14 have been amended to recite "data packet" rather than 
"destination IP address" in the locations noted in the Office Action. Accordingly, Applicants 
respectfully submit that this Section 1 12 rejection is overcome. 
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35 U.S.C. $ 112 Rejection of Claims 12 and 13 

Claims 12 and 13 are rejected under 35 U.S.C. §1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. In particular, the Office Action asserts that various limitations 
in claims 12 and 13 contradict the disclosure. (Office Action: pg. 5). 

Claims 12 and 13 have been amended accordingly. Accordingly, Applicants 
respectfully submit that this Section 1 12 rejection is overcome. 

35 U.S.C. § 103 Rejection of Claims 1, 4, 5, and 7 

Claims 1, 4, 5, and 7 are rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Chrysanthakopoulos et al. (U.S. Patent No. 7, 343,441, hereinafter "Chrysanthakopoulos") 
in view of Haviland ("Designing High-Performance Campus Intranets with Multilayer 
Switching," 1998, hereinafter "Haviland"). Applicants respectfully traverse. 

Applicants' independent claim 1, as amended, recites: 
A method comprising: 

identifying, by a network device, a first port of the network device as a 
management port, the first port having a gateway address; 

identifying, by the network device, a second port of the network device as a non- 
management port; and 

filtering, by the network device, a data packet received on the second port if a 
destination IP address of the data packet corresponds to the gateway address of the first port and if 
the data packet utilizes a management protocol. 

Support for the amendments to claim 1 can be found in the Specification at, for 
example, FIG. 3 and page 9, line 30 to page 10, line 15. No new matter is added. 

Applicants respectfully submit that the features of claim 1 are not taught or 
suggested by Chrysanthakopoulos or Haviland, considered individually or in combination. For 
example, Chrysanthakopoulos and Haviland fail to teach or suggest "filtering, by the network 
device, a data packet received on the second port if a destination IP address of the data packet 
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corresponds to the gateway address of the first port . . ." as recited in claim 1 . (Emphasis added). 
No disclosure pertaining to this particular feature could be found in either of these references. 

In rejecting dependent claim 2, the Office Action asserts that Blewett et al. (U.S. 
Patent No. 7,131,141, hereinafter "Blewett") teaches the concept of "determining if a destination 
IP address for a data packet received on the second port corresponds to the gateway address of 
the first port." (Office Action: pg. 1 1). The Office Action goes on to allege that: 

It would have been obvious for one of ordinary skill in the art at the time of the 
invention to further modify Chrysanthakopoulos to determine whether the destination IP address 
of a packet received in a second port (non-management port) corresponds to the gateway address 
of a first port (management port), as Blewett teaches utilizing various types of packet handling 
rules to implement a desired security gateway functionality (column 10, lines 11-13) (in this case, 
filtering management commands as taught by Chrysanthakopoulos in view of Haviland). 

(Office Action: pg. 1 1). 

Applicants respectfully disagree and, to pre-empt any rejection of amended claim 
1 in view of Chrysanthakopoulos, Haviland, and Blewett, provide the follow reasons why 
amended claim 1 is not obvious in view of this combination of references. 

First, Applicants submit that the cited section of Blewett (column 10, lines 14-40) 
fails teach or suggest "filtering. . . a data packet received on the second port if a destination IP 
address of the data packet corresponds to the gateway address of the first port. . ." as recited in 
claim 1. As noted in the Office Action, column 10, lines 14-40 of Blewett describe a rule table 
that is used by a security gateway to determine whether to accept or drop packets. The rules can 
be based on source/destination port, protocol, and source/destination IP addresses. (See Blewett: 
FIG. 1C). However, Applicants submit that the general notion of a rule table for 
accepting/dropping packets does not teach or suggest the specific concept of filtering a data 
packet received on a one port of a network device (e.g., the recited second port of claim 1) if the 
destination IP address of the data packet corresponds to a gateway address of another port on the 
same network device (e.g., the recited first port of claim 1). For example, as best understood, 
nowhere does the cited section of Blewett specifically indicate that a packet received on one port 
of the security gateway will be dropped if the destination IP address of the packet matches the 
gateway address of another port on the same security gateway. 



Page 10 of 15 



Appl. No. 10/668,455 PATENT 

Amdt. dated February 16, 2010 

Reply to Office Action of November 16, 2009 

Second, Applicants submit that there is no rationale for modifying 
Chrysanthakopoulos with Blewett (or any other reference) to teach "filtering. . . a data packet 
received on the second port if a destination IP address of the data packet corresponds to the 
gateway address of the first port. . ." as recited in claim 1. Chrysanthakopoulos describes a 
computing device with a plurality of ports. One of these ports is a management port, and the 
others are not management ports. When the computing device receives a management command 
on one of its ports, the computer device determines the identity of the receiving port. If the 
receiving port is the management port, the management command is processed by the computing 
device; if the receiving port is not the management port, the management command is 
dropped/ignored. (Chrysanthakopoulos: col. 6, lines 48-66). 

Thus, in Chrysanthakopoulos, the determination of whether to process or drop a 
management command is based solely on the identity of the device port on which the command 
is received ; other information, such as intended destination, is irrelevant. Accordingly, there is 
no reason for the computing device of Chrysanthakopoulos to determine if destination 
information included in a received management command points to the management port - if the 
command is received on a non-management port, the command will be dropped rcuardlcss of its 
intended destination . By way of contrast, in embodiments of Applicants' claim 1, a 
management data packet received on the second (i.e., non-management) port of the recited 
network device may be passed if its destination IP address is not the gateway address of the 
management port (for example, the destination of the management data packet may be a port on 
a different network device). 

For at least the foregoing reasons, Applicants submit that independent claim 1 is 
not rendered obvious by the cited art, and respectfully request that the rejection of claim 1 be 
withdrawn. 

Claims 4, 5, and 7 depend from independent claim 1 and are thus allowable for at 
least a similar rationale as discussed for claim 1, and others. 
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35 U.S.C. $ 103 Rejection of Claims 2, 3, 8, and 12-16 

Claims 2, 3, 8, and 12-16 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Chrysanthakopoulos, in view of Haviland, and further in view of Blewett. 
Applicants respectfully traverse. 

Claim 2 has been canceled without prejudice, and thus the rejection of this claim 

is moot. 

Claims 3 and 8 depend from independent claim 1, which is not rendered obvious 
by Chrysanthakopoulos, Haviland, and Blewett as discussed above. Accordingly, claims 3 and 
8 are allowable for at least a similar rationale as discussed for claim 1, and others. 

Independent claim 12 recites features that are similar to independent claim 1, and 
is thus allowable for at least a similar rationale as discussed for claim 1. In addition, claim 12 
recites additional features that distinguish over the cited art. For example, claim 12 recites in 
part: 

a control component configured to: 

if the destination IP address corresponds to the gateway IP address of 
the management port, determine if the data packet originated from a management virtual local area 
network (VLAN), wherein the management VLAN includes the management port; 

if the data packet did not originate from the management VLAN, 
determine if the data packet uses a management protocol; 

The Office Action asserts that these features are shown by Haviland at page 15, 
column 1. (Office Action: pg. 12). However, this section of Haviland merely states in general 
terms that a VLAN can be used to control access to management traffic. Applicants submit that 
the general notion of using a VLAN for management traffic does not teach or suggest the 
specific features of claim 12 quoted above. For example, Applicants could not find (and the 
Office Action does not identify) any section of Haviland that specifically teaches determining if 
a data packet originated from a management VLAN that includes a management port if the 
destination IP address of the packet corresponds to the gateway IP address of the management 
port . Similarly, Applicants could not find (and the Office Action does not identify) any section 
of Haviland that specifically teaches determining if a data packet uses a management protocol if 
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the data packet did not originate from the management VLAN . Accordingly, claim 12 is 
allowable for at least these additional reasons. 

Claims 13-16 depend from independent claim 12 and are thus allowable for at 
least a similar rationale as discussed for claim 12, and others. 

35 U.S.C. $ 103 Rejection of Claim 6 

Claim 6 is rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Chrysanthakopoulos, in view of Haviland, and further in view of Sylvest et al. (U.S. Publication 
No. 2003/0188003, hereinafter "Sylvest"). Applicants respectfully traverse. 

Claim 6 depends from independent claim 1 , which is not rendered obvious by 
Chrysanthakopoulos and Haviland as discussed above. As best understood, Sylvest does not 
provide any teaching that would remedy the deficiencies of Chrysanthakopoulos and Haviland in 
this regard. Accordingly, claim 6 is allowable for at least a similar rationale as discussed for 
claim 1, and others. 

35 U.S.C. § 103 Rejection of Claim 9 

Claim 9 is rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Chrysanthakopoulos, in view of Haviland, and further in view of Glenn ("A Summary of 
DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider 
Environment," 2003, hereinafter "Glenn"). Applicants respectfully traverse. 

Claim 9 recites features that are substantially similar to independent claim 1, 
which is not rendered obvious by Chrysanthakopoulos and Haviland as discussed above. As best 
understood, Glenn does not provide any teaching that would remedy the deficiencies of 
Chrysanthakopoulos and Haviland in this regard. Accordingly, claim 9 is allowable for at least a 
similar rationale as discussed for claim 1 , and others. 
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35 U.S.C. $ 103 Rejection of Claims 10 and 11 

Claims 10 and 1 1 are rejected under 35 U.S.C. §103(a) as being unpatentable over 
Chrysanthakopoulos, in view of Haviland, and further in view of Glenn, and further in view of 
Blewett. Applicants respectfully traverse. 

Claims 10 and 1 1 depend from independent claim 9, which is not rendered 
obvious by Chrysanthakopoulos, Haviland, and Glenn as discussed above. As best understood, 
Blewett does not provide any teaching that would remedy the deficiencies of 
Chrysanthakopoulos, Haviland, and Glenn in this regard. Accordingly, claims 10 and 1 1 are 
allowable for at least a similar rationale as discussed for claim 9, and others. 

New Claims 17 and 18 

New claims 17 and 18 have been added to cover various embodiments of the 
present invention. Support for the features of claims 17 and 18 can be found in the Specification 
at, for example, page 7, lines 3-7. No new matter is added. 

Claims 17 and 18 depend from independent claims 1 and 9 respectively, would 
are not rendered obvious by the cited art as discussed above. Accordingly, claims 17 and 18 are 
allowable for at least a similar rationale as discussed for claims 17 and 18, and others. In 
addition, claims 17 and 18 recite additional features that distinguish over the cited art. 

Amendments to the Claims 

Unless otherwise specified, amendments to the claims are made for purposes of 
clarity, and are not intended to alter the scope of the claims or limit any equivalents thereof. The 
amendments are supported by the Specification as filed and do not add new matter. 

CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 
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If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 650-326-2400. 



Respectfully submitted, 



/Andrew J. Lee/ 



Andrew J. Lee 
Reg. No. 60,371 

TOWNSEND and TOWNSEND and CREW LLP 

Two Embarcadero Center, Eighth Floor 

San Francisco, California 941 1 1-3834 

Tel: 650-326-2400 

Fax: 415-576-0300 
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